From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from nekare.kjorling.se (nekare.kjorling.se [89.221.249.175]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Fri, 19 Aug 2016 11:44:22 +0200 (CEST) Received: from yeono.kjorling.se (h-9-65.a328.priv.bahnhof.se [46.59.9.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "yeono", Issuer "yeono" (not verified)) by nekare.kjorling.se (Postfix) with ESMTPS id C93BC1140AC for ; Fri, 19 Aug 2016 09:44:13 +0000 (UTC) Received: from yeono.kjorling.se (localhost [127.0.0.1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by yeono (Postfix) with ESMTPS id 82B161735 for ; Fri, 19 Aug 2016 11:44:13 +0200 (CEST) Date: Fri, 19 Aug 2016 09:44:12 +0000 From: Michael =?utf-8?B?S2rDtnJsaW5n?= Message-ID: <20160819094412.GB5363@yeono.kjorling.se> References: <874579112.14972576.1471597033535.JavaMail.yahoo.ref@mail.yahoo.com> <874579112.14972576.1471597033535.JavaMail.yahoo@mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <874579112.14972576.1471597033535.JavaMail.yahoo@mail.yahoo.com> Subject: Re: [dm-crypt] LUKS encrypted hard disk crashed. Recovery question List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 19 Aug 2016 08:57 +0000, from saibalka@yahoo.co.in (Saibal Kumar Adhya): > Unfortunately, the hard disk crashed sometime back. It is a hardware > fault. There was no backup. > A data recovery agency managed to recover 50% of the sectors. > However it is unable to recover any data as the original disk was > encrypted. > So now trying to figure out how to de-crypt and recover some of the > data? Unfortunately, if the key slots are lost or damaged beyond repair, and you have no backup, then I am fairly certain that you are out of luck. I assume that when you say that there was no backup, you also mean that you do not have a LUKS header copy or master key data for the container. Such a situation is similar to having overwritten the key slot area of the disk, which is a good way to quickly decomission a LUKS-encrypted disk because it renders all other data non-recoverable (the data required to gain access to the payload data no longer exists). If you are able to somehow gain access to the key slots in the LUKS header, it should be possible to decrypt the (stored) payload data, to the extent that the data recovery agency was able to recover the data. What they were not able to recover will decrypt to nonsense. -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup)